<?php
	include('connect_db.php');
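	/*
	 * Profile update handler: saves the posted first/last name for the
	 * logged-in user, optionally stores an uploaded profile picture, then
	 * redirects to index.php.
	 *
	 * NOTE(review): no anti-CSRF token is checked in this file; confirm
	 * whether connect_db.php / checkLoggedin() covers that.
	 */

	/* Not logged in: redirect to the login page and stop. header() only
	   queues the redirect, so without exit the update and upload below
	   would still run for an anonymous request. */
	if (!checkLoggedin())
	{
		header('Location: login.php');
		exit;
	}

	/* isset($_POST) is always true, so test the request method instead;
	   otherwise a plain GET would blank the stored names. */
	if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
	{
		/* Only accept scalar string fields; a missing or array-valued field
		   becomes the empty string. */
		$lastname = (isset($_POST['lastname']) && is_string($_POST['lastname']))
			? trim($_POST['lastname']) : '';
		$firstname = (isset($_POST['firstname']) && is_string($_POST['firstname']))
			? trim($_POST['firstname']) : '';

		/* Request data is escaped before it is placed inside the quoted SQL
		   literals, and the id is forced to an integer because it is used
		   unquoted. mysql_real_escape_string() uses the most recently opened
		   link, the same one mysql_query() uses below (assumed to be opened
		   by connect_db.php - TODO confirm, including that the connection
		   charset is set with mysql_set_charset()).
		   The query is no longer echoed: that exposed the SQL text to the
		   client and sent output ahead of the final redirect header.
		   NOTE(review): the mysql_* extension is removed in PHP 7; moving the
		   connection to mysqli/PDO prepared statements is the durable fix. */
		$query = "UPDATE users
				   SET lastname = '".mysql_real_escape_string($lastname).
				   "', firstname = '".mysql_real_escape_string($firstname).
				   "' WHERE id = ".(int) $_SESSION['id'];

		$_SESSION['lastname'] = $lastname;
		$_SESSION['firstname'] = $firstname;

		mysql_query($query);

		/* upload picture */
		$allowedExts = array("png");
		/* Image formats the original accepted by MIME type. They are now
		   detected from the file content, because $_FILES[...]["type"] is
		   supplied by the client and cannot be trusted. */
		$allowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);

		/* Reject a missing field or a multi-file (array-shaped) upload. */
		$upload = (isset($_FILES["file"]) && is_array($_FILES["file"])
			&& isset($_FILES["file"]["name"]) && is_string($_FILES["file"]["name"]))
			? $_FILES["file"] : null;

		/* end() needs a real variable, not the temporary explode() returns. */
		$nameParts = ($upload !== null) ? explode(".", $upload["name"]) : array();
		$extension = end($nameParts);

		if ($upload !== null
		&& ($upload["size"] < 200000)
		&& in_array($extension, $allowedExts, true))
		{
			if ($upload["error"] > 0)
			{
				echo "Return Code: " . (int) $upload["error"] . "<br>";
			}
			else
			{
				/* Only inspect a path that PHP itself recorded as an HTTP
				   upload, then let getimagesize() identify the real format. */
				$detected = is_uploaded_file($upload["tmp_name"])
					? getimagesize($upload["tmp_name"]) : false;

				if ($detected !== false && in_array($detected[2], $allowedTypes, true))
				{
					/* The stored name is derived from the session, never from
					   the client file name; the extension is one of the
					   whitelisted values checked above. */
					$target = md5($_SESSION['id'].$_SESSION['username']).'.'.$extension;

					move_uploaded_file($upload["tmp_name"], "uploads/" . $target);
				}
				else
				{
					echo "Invalid file";
				}
			}
		}
		else
		{
			echo "Invalid file";
		}
	}

	/* Always return to the home page once the request has been handled.
	   NOTE(review): the messages echoed above are sent before this header;
	   whether the redirect still takes effect depends on output buffering,
	   which is configured outside this file. */
	header('Location: index.php');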
?>